Thursday, 17 February 2011

Identifiability in RFID

My abstract on "Identifiability in RFID" has been accepted for the forthcoming British Irish Law, Education and Technology Association (BILETA) 2011 Conference.

Abstract:


By 2011-2013, Radio Frequency Identification (RFID) is expected to grow at a Compound Annual Growth Rate (CAGR) of 17 percent. Globally, it is predicted that the Asia-Pacific region will witness the highest growth in terms of revenue. Europe and North America will gradually focus on improving their business processes with RFID technology. The world’s second largest economy, China, has deployed major, large-scale RFID applications at the Beijing Olympics 2008 and the World Expo 2010 in Shanghai. It is predicted that from 2007 to 2011, the market size of RFID deployment in China will grow at a CAGR of 17.83 percent.

Against this background, it can be seen that RFID deployment and business are growing rapidly. Nonetheless, the data protection and privacy response to RFID is still slow to catch up. In the world’s data protection and privacy laws today, there are still dividing lines that segment the application of those laws. Their application is influenced by different principles and approaches, mainly the OECD Guidelines on Privacy, the European Union Data Protection Directive 95/46/EC, the APEC Privacy Principles, the United States Safe Harbor principles, and respective national data protection and privacy laws, as well as piecemeal and sector-specific legislation. Broadly, the application of these laws is not straightforward, as each has its defined complexities, challenges and adoptions. Specifically, attempts have been made to address data protection and privacy concerns in RFID. This paper, in particular, attempts to go back to the basic principles of identifiability within the context of RFID. It analyses what constitutes identifiability in RFID if there is an involvement of a person or many persons who collect, process, aggregate, manage, retain and expunge such data within an RFID application. The concept of identifiability will be appraised by referring to the European Union Data Protection Directive 95/46/EC.

In order to achieve the above, this paper is divided into three sections. The first section will briefly narrate the genealogy of RFID and how it developed into the commoditised technology it is today. The second section analyses the summarised consultations that have taken place within the Article 29 Data Protection Working Party and to what extent they have achieved the desired levels of outcome. Section three will then look into the meaning of data processor, controller and third party in the context of RFID. The discussion will then extend to the crux of the issue: identifiability. It outlines these fundamental questions: what, why, who, when and how identifiability is regarded as a fundamental concept in RFID, data protection and privacy.


Keywords: RFID. Data protection and privacy. European Union Directive 95/46/EC. Article 29 Data Protection Working Party.